From owner-svn-src-stable-12@freebsd.org  Thu Mar 19 03:29:48 2020
Return-Path: <owner-svn-src-stable-12@freebsd.org>
Delivered-To: svn-src-stable-12@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 75D15278F07;
 Thu, 19 Mar 2020 03:29:48 +0000 (UTC) (envelope-from cy@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48jXTS1Cssz3wh2;
 Thu, 19 Mar 2020 03:29:48 +0000 (UTC) (envelope-from cy@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C12B04A12;
 Thu, 19 Mar 2020 03:29:47 +0000 (UTC) (envelope-from cy@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02J3Tlta041537;
 Thu, 19 Mar 2020 03:29:47 GMT (envelope-from cy@FreeBSD.org)
Received: (from cy@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02J3Tljr041536;
 Thu, 19 Mar 2020 03:29:47 GMT (envelope-from cy@FreeBSD.org)
Message-Id: <202003190329.02J3Tljr041536@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: cy set sender to cy@FreeBSD.org
 using -f
From: Cy Schubert <cy@FreeBSD.org>
Date: Thu, 19 Mar 2020 03:29:47 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject: svn commit: r359115 - in stable:
 11/lib/libpam/modules/pam_login_access 12/lib/libpam/modules/pam_login_access
X-SVN-Group: stable-12
X-SVN-Commit-Author: cy
X-SVN-Commit-Paths: in stable: 11/lib/libpam/modules/pam_login_access
 12/lib/libpam/modules/pam_login_access
X-SVN-Commit-Revision: 359115
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable-12@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for only the 12-stable src tree
 <svn-src-stable-12.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable-12>, 
 <mailto:svn-src-stable-12-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-12/>
List-Post: <mailto:svn-src-stable-12@freebsd.org>
List-Help: <mailto:svn-src-stable-12-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable-12>, 
 <mailto:svn-src-stable-12-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2020 03:29:48 -0000

Author: cy
Date: Thu Mar 19 03:29:46 2020
New Revision: 359115
URL: https://svnweb.freebsd.org/changeset/base/359115

Log:
  MFC r358065:
  
  The words ALL, LOCAL, and EXCEPT have special meaning and are documented
  as in the login.access(5) man page. However strcasecmp() is used to compare
  for these special strings. Because of this User accounts and groups with
  the corresponding lowercase names are misintrepreted to have special
  whereas they should not.
  
  This commit fixes this, conforming to the man page and to how the Linux
  pam_access(8) handles these special words.
  
  Approved by:	des (implicit, blanket)

Modified:
  stable/12/lib/libpam/modules/pam_login_access/login_access.c
Directory Properties:
  stable/12/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/11/lib/libpam/modules/pam_login_access/login_access.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/12/lib/libpam/modules/pam_login_access/login_access.c
==============================================================================
--- stable/12/lib/libpam/modules/pam_login_access/login_access.c	Thu Mar 19 02:22:08 2020	(r359114)
+++ stable/12/lib/libpam/modules/pam_login_access/login_access.c	Thu Mar 19 03:29:46 2020	(r359115)
@@ -125,7 +125,7 @@ list_match(char *list, const char *item,
      */
 
     for (tok = strtok(list, sep); tok != NULL; tok = strtok((char *) 0, sep)) {
-	if (strcasecmp(tok, "EXCEPT") == 0)	/* EXCEPT: give up */
+	if (strcmp(tok, "EXCEPT") == 0)	/* EXCEPT: give up */
 	    break;
 	if ((match = (*match_fn)(tok, item)) != 0)	/* YES */
 	    break;
@@ -133,7 +133,7 @@ list_match(char *list, const char *item,
     /* Process exceptions to matches. */
 
     if (match != NO) {
-	while ((tok = strtok((char *) 0, sep)) && strcasecmp(tok, "EXCEPT"))
+	while ((tok = strtok((char *) 0, sep)) && strcmp(tok, "EXCEPT"))
 	     /* VOID */ ;
 	if (tok == NULL || list_match((char *) 0, item, match_fn) == NO)
 	    return (match);
@@ -219,7 +219,7 @@ from_match(const char *tok, const char *string)
 	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
 	    && strcasecmp(tok, string + str_len - tok_len) == 0)
 	    return (YES);
-    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
+    } else if (strcmp(tok, "LOCAL") == 0) {	/* local: no dots */
 	if (strchr(string, '.') == NULL)
 	    return (YES);
     } else if (tok[(tok_len = strlen(tok)) - 1] == '.'	/* network */
@@ -240,7 +240,7 @@ string_match(const char *tok, const char *string)
      * Otherwise, return YES if the token fully matches the string.
      */
 
-    if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
+    if (strcmp(tok, "ALL") == 0) {		/* all: always matches */
 	return (YES);
     } else if (strcasecmp(tok, string) == 0) {	/* try exact match */
 	return (YES);